scc: pavon owncloud diagnostic scratch scripts from 2026-04-29 session

Six small bash scripts uploaded to /tmp on 172.16.3.22 during the OwnCloud cron stacking incident — investigation, group enumeration, failed group-restrict attempt, occ subcommand discovery. Captured for audit; full context in clients/pavon/session-logs/2026-04-29-session.md. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-29 08:25:11 -07:00
parent f22d33f2ae
commit d62a14ca4e
6 changed files with 110 additions and 0 deletions
--- a/temp/occ-versions-help.sh
+++ b/temp/occ-versions-help.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+OCC="sudo -u apache php /var/www/owncloud/occ"
+echo "=== ALL versions:* COMMANDS ==="
+$OCC list 2>&1 | grep -E '^\s+versions:'
+echo
+echo "=== ALL trashbin:* COMMANDS ==="
+$OCC list 2>&1 | grep -E '^\s+trashbin:'
+echo
+echo "=== versions:cleanup HELP ==="
+$OCC versions:cleanup --help 2>&1 | head -25
+echo
+echo "=== versions:expire HELP ==="
+$OCC versions:expire --help 2>&1 | head -25
+echo
+echo "=== files_versions DIR STATE BEFORE ==="
+du -sh /owncloud/pavon/files_versions 2>&1
+find /owncloud/pavon/files_versions -type f 2>/dev/null | wc -l
+echo
+echo "=== filecache rows for pavon's versions ==="
+mysql owncloud --skip-column-names <<<'SELECT COUNT(*) FROM oc_filecache fc JOIN oc_storages s ON fc.storage=s.numeric_id WHERE s.id="home::pavon" AND fc.path LIKE "files_versions/%"' 2>&1
--- a/temp/owncloud-groups-check.sh
+++ b/temp/owncloud-groups-check.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+echo "=== EXISTING GROUPS ==="
+sudo -u apache php /var/www/owncloud/occ group:list 2>&1
+echo
+echo "=== PAVON'S GROUPS ==="
+sudo -u apache php /var/www/owncloud/occ user:show pavon 2>&1 | grep -iE 'group|enabled'
+echo
+echo "=== APP ENABLE/DISABLE PER-GROUP SUPPORT ==="
+sudo -u apache php /var/www/owncloud/occ help app:enable 2>&1 | head -20
--- a/temp/owncloud-investigate.sh
+++ b/temp/owncloud-investigate.sh
@@ -0,0 +1,21 @@
+#!/bin/bash
+echo === LOAD ===
+uptime
+echo
+echo === CIFS UTILS ===
+rpm -q cifs-utils 2>&1
+which mount.cifs 2>&1
+echo
+echo === EXISTING SMB MOUNTS ===
+mount | grep -iE 'cifs|smb|172.16.3.21' || echo "(none)"
+echo
+echo === SUBDIR FILE COUNTS ===
+for d in /owncloud/pavon/files/*/; do
+    name="${d#/owncloud/pavon/files/}"
+    name="${name%/}"
+    count=$(find "$d" -maxdepth 4 -type f 2>/dev/null | wc -l)
+    echo "$count files: $name"
+done
+echo
+echo === ESTIMATED FILES OLDER THAN 365 DAYS ===
+find /owncloud/pavon/files -type f -mtime +365 2>/dev/null | wc -l
--- a/temp/owncloud-pavon-groups.sh
+++ b/temp/owncloud-pavon-groups.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+echo "=== PAVON USER DETAILS ==="
+sudo -u apache php /var/www/owncloud/occ user:list-groups pavon 2>&1
+echo
+echo "=== ALL USERS WITH GROUPS ==="
+for u in $(sudo -u apache php /var/www/owncloud/occ user:list 2>&1 | awk -F': ' '{print $2}' | tr -d ' '); do
+    [ -z "$u" ] && continue
+    grps=$(sudo -u apache php /var/www/owncloud/occ user:list-groups "$u" 2>&1 | grep -E '^\s+-' | awk -F'- ' '{print $2}' | paste -sd, -)
+    echo "$u: ${grps:-(no groups)}"
+done
--- a/temp/owncloud-versioning-check.sh
+++ b/temp/owncloud-versioning-check.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+echo "=== VERSIONING APP STATUS ==="
+sudo -u apache php /var/www/owncloud/occ app:list 2>&1 | grep -iE 'versions|trash'
+echo
+echo "=== GLOBAL VERSIONS RETENTION ==="
+sudo -u apache php /var/www/owncloud/occ config:system:get versions_retention_obligation 2>&1
+echo
+echo "=== TRASH RETENTION ==="
+sudo -u apache php /var/www/owncloud/occ config:system:get trashbin_retention_obligation 2>&1
+echo
+echo "=== EXISTING VERSIONS DIR FOR PAVON ==="
+du -sh /owncloud/pavon/files_versions 2>&1
+ls /owncloud/pavon/ 2>&1
+echo
+echo "=== USER LIST ==="
+sudo -u apache php /var/www/owncloud/occ user:list 2>&1
+echo
+echo "=== PER-USER VERSIONING SETTING (if any) ==="
+sudo -u apache php /var/www/owncloud/occ user:setting pavon files_versions 2>&1 || true
--- a/temp/owncloud-versioning-restrict.sh
+++ b/temp/owncloud-versioning-restrict.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+set -e
+OCC="sudo -u apache php /var/www/owncloud/occ"
+
+echo "=== STEP 1: Create group 'versioning_users' ==="
+$OCC group:add versioning_users 2>&1 || true
+
+echo
+echo "=== STEP 2: Add all non-pavon users to the group ==="
+for u in Martell anaise bst jburger mara minrec rohrbach sysadmin themarcgroup; do
+    $OCC group:add-member versioning_users --member "$u" 2>&1 || true
+done
+
+echo
+echo "=== STEP 3: Verify membership ==="
+$OCC group:list-members versioning_users 2>&1
+
+echo
+echo "=== STEP 4: Disable files_versions globally ==="
+$OCC app:disable files_versions 2>&1
+
+echo
+echo "=== STEP 5: Re-enable for versioning_users group only ==="
+$OCC app:enable files_versions --groups versioning_users 2>&1
+
+echo
+echo "=== STEP 6: Verify app status ==="
+$OCC app:list 2>&1 | grep -A 2 -i versions
+echo
+echo "=== STEP 7: Verify pavon excluded ==="
+$OCC user:list-groups pavon 2>&1